Are Employees Undermining Your Data Breach Defenses from the Inside?

The annual Verizon Data Breach Report 2018 was released recently, and gives an independent, worldwide view of how market sectors are being attacked, scammed, spied on, and ransomed.

HelpSystems frequently surveys customers and this information feeds back into our product plans. The Verizon report, however, keeps us mindful of the changing threat landscape. Beyond the huge waves of denial of service, ransomware, and payment card skimming of bricks-and-mortar retailers and hoteliers, we wanted to touch on some of the internal threats behind the public-facing technological dams we build and support.

Financial Services

Still deluged by web-based attacks at the front end, banks and other financial companies have the internal threat under control. No more than seven percent of attacks originate with internal staff. Financial companies have excellent audit and tracking capabilities, and can identity and close down breaches rapidly. The same cannot be said for other sectors

Healthcare

With a huge amount of personal and financial data to protect, the healthcare sector is plagued by 56 percent of attacks starting with their own staff. More than 40 percent start with stealing other people’s or system IDs, most of those still using passwords. Worldwide, this sector has a historically strong track record in using ID cards and biometrics on the ward. Passwords are still in the majority in the finance office and data centers where most breaches occur. With poor security training and a high turnover of key staff, multi-factor authentication (MFA) needs to be pervasive from now on, both in applications and server operating systems.

Information Sector

Public-facing webpages are being flooded with Denial of Service Attacks. Not a lot has changed since last year, but still staff IDs and passwords are being used as keyholes inside. A switch to MFA will be a simple fix here.

Manufacturing

A mixed bag this year. Attacked both externally (89 percent) and inside (13 percent), theft of company secrets and production data starts with too much information being accessible by your staff. With complex supply chains and widely spread geographies, linking IT infrastructures together is the easy part. Segmenting business data is hard to do, and more tools and automation are needed.

Public Sector

Our governments and other public-sector bodies are being attacked continually. 67 percent of breaches come from outside, and a lot of headlines and spending go there. Despite the IT budgets spent worldwide, identification that a department has been breached from the inside is woeful. Market data show weeks, months, or years going by before internal breaches are discovered. 39 percent of breaches annually involve internal or partner staff or their IDs. As in healthcare, front-office staff have ID badges and tokens, but the back office and data centers rarely do. Like manufacturing, data segmentation tied to job function is essential and poorly implemented, especially with inter-departmental data transfers.

The Verizon report is always a sobering read. It's clear that other (external) threats hit our customers five or 10 times more on the public-facing side of their operations. Most of those breach attempts (91 percent) never make it over the top or through defenses.

Understandably, day-to-day management and operations are watching the water rising up the side of the dam. At the same time, less money is spent looking at what is happening inside organizations. Collusion, theft, or poor training happens less often, but the financial cost or business impact per internal breach is between five and 20 times greater than an external event.

Protect Your System from Internal Threats

Powertech Identity & Access Manager (BoKS) is a simple way to define, control, and monitor administrative privileges across your IT systems. See what it can do for you in a custom demo.

About the Author

David has been embedded for three decades within the Identity and Access Management (IAM) marketplace, and with other cybersecurity infrastructures to support multi-national organizations’ business operations and audit requirements. His roles have previously included Consulting Architect,...